Reports
Members' additional entitlements 2020
The Auditor-General for New South Wales, Margaret Crawford, released a report today reviewing the additional entitlements claimed by Members of the New South Wales Parliament (Members) under the Parliamentary Remuneration Tribunal’s Determination (the Determination).
The Auditor-General found three material instances of Member non-compliance with the Determination. The Department of Parliamentary Services has subsequently requested the three Members repay amounts incorrectly claimed.
The report also acknowledges that the Department has worked with the Tribunal to address two of the three recommendations made in the 2019 Auditor-General’s review. These are now reflected in the 2020 Determination. The Department expects to address the third recommendation in the 2021 Determination.
The Auditor General has reviewed the compliance of the Members of the NSW Parliament (Members) with certain requirements outlined in the Parliamentary Remuneration Tribunal's Determination (the Determination) for the year ended 30 June 2020.
The Auditor General's review of Members' compliance with the Determination analyses claims made by Members during the 2019–20 financial year by testing a sample of transactions. Our sample included 66 claims submitted by 43 of the 136 Members.
Results
Our review identified three instances of material non compliance with the Determination for the year ended 30 June 2020:
- one Member claimed the General Travel Allowance for the full cost of a charter flight used to both attend a family event and perform the Member's parliamentary duties instead of estimating and claiming only the cost related to the Member's parliamentary duties
- one Member claimed the Communications Allowance for the same expenditure twice
- one Member elected to repay the allowance claimed in lieu of providing evidence to support their claims. The Member claimed the Sydney Daily Allowance and advised that they did not have records to support that the purpose of the travel related to their parliamentary duties.
The Determination requires Members to maintain appropriate records of expenditure for the purpose of any audit or assurance engagements. Repeated reviews have identified Members who elect to repay the allowances claimed in lieu of providing supporting documents. Justifying a claim for an allowance with supporting documents should not rely on the Auditor-General's review. Last year, we recommended the Department of Parliamentary Services (the Department) work with the Tribunal to provide additional guidance to Members to clarify the definition of parliamentary duties, the activities that meet the definition and the requirements for retaining documents. The recommendation is currently being considered by the Department.
Our review also identified 22 other departures from the administrative requirements of the Determination:
- two Members did not make the required authorisations and attributions on a publication to claim the expenditure from the Communications Allowance
- seven reconciliations for the Sydney Allowance were submitted after the due date
- 13 Members' claims were not submitted to the Department for payment within 60 days of receipt or occurrence of the expense.
Our audit procedures identified three other departures from the Department's administrative guidelines, which support the application of the Determination. Three Members submitted their annual loyalty scheme declarations after the due date specified in the guidelines (31 July 2020). The Declaration is important because it affirms that loyalty scheme benefits accrued using the Member's parliamentary allowances and entitlements were not used for private purposes.
Background
The Parliamentary Remuneration Tribunal (the Tribunal) determines the salary and additional entitlements of Members of NSW Parliament (Members), which are set out in the Tribunal's annual Determination
Transport 2020
1. Financial Reporting |
|
| Audit opinion | Unmodified audit opinions issued for the financial statements of all Transport cluster entities. |
| Quality and timeliness of financial reporting | All cluster agencies met the statutory deadlines for completing the early close and submitting the financial statements. Transport cluster agencies continued to experience some challenges with accounting for land and infrastructure assets. The former Roads and Maritime Services and Sydney Metro recorded prior period corrections to property, plant and equipment balances. |
| Impact of COVID-19 on passenger revenue and patronage | Total patronage and revenue for public transport decreased by approximately 18 per cent in 2019–20 due to COVID-19. The Transport cluster received additional funding from NSW Treasury during the year to support the reduced revenue and additional costs incurred such as cleaning on all modes of public transport and additional staff to manage physical distancing. |
| Completion of the CBD and South East Light Rail | The CBD and South East Light Rail project was completed and commenced operations in this financial year. At 30 June 2020, the total cost of the project related to the CBD and South East Light Rail was $3.3 billion. Of this total cost, $2.6 billion was recorded as assets, whilst $700 million was expensed. |
2. Audit Observations |
|
| Internal control | While internal controls issues raised in management letters in the Transport cluster have decreased compared to the prior year, control weaknesses continue to exist in access security for financial systems. We identified 56 management letter findings across the cluster and 43 per cent of all issues were repeat issues. The majority of the repeat issues relate to information technology controls around user access management. There were three high risk issues identified - two related to financial reporting of assets and one for implementation of TAHE (see below). |
| Agency responses to emergency events | Transport for NSW established the COVID-19 Taskforce in March 2020 to take responsibility for the overall response of planning and coordination for the Transport cluster. It also implemented the COVIDSafe Transport Plan which incorporates guidance on physical distancing, increasing services to support social distancing and cleaning. |
| RailCorp transition to TAHE | On 1 July 2020, RailCorp was renamed Transport Asset Holding Entity of New South Wales (TAHE) and converted to a for-profit statutory State-Owned Corporation. TAHE is a commercial for-profit Public Trading Entity with the intent to provide a commercial return to its shareholders. A plan was established by NSW Treasury to transition RailCorp to TAHE which covered the period 1 July 2015 to 1 July 2019. A large portion of the planned arrangements were not implemented by 1 July 2020. As at the time of this report, the TAHE operating model, Statement of Corporate Intent (SCI) and other key plans and commercial agreements are not finalised. The State Owned Corporations Act 1989 generally requires finalisation of an SCI three months after the commencement of each financial year. However, under the Transport Administration Act 1988, TAHE received an extension from the voting shareholders, the Treasurer and Minister for Finance and Small Business, to submit its first SCI by 31 December 2020. In accordance with the original plan, interim commercial access arrangements were supposed to be in place with RailCorp prior to commencement of TAHE. Under the transitional arrangements, TAHE is continuing to operate in accordance with the asset and safety management plans of RailCorp. The final operating model is expected to include considerations of safety, operational, financial and fiscal risks. This should include a consideration of the potential conflicting objectives of a commercial return, and maintenance and safety measures. This matter has been included as a high risk finding in our management letter due to the significance of the financial reporting impacts and business risks for TAHE. Recommendation: TAHE management should:
Resolution of the above matters are critical as they may significantly impact the financial reporting arrangements for TAHE for 2020–21, in particular, accounting policies adopted as well as measurement principles of its significant infrastructure asset base. |
| Completeness and accuracy of contracts registers | Across the Transport cluster, contracts and agreements are maintained by the transport agencies using disparate registers. Recommendation (repeat): Transport agencies should continue to implement a process to centrally capture all contracts and agreements entered. This will ensure:
|
This report provides parliament and other users of the Transport cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- the impact of emergencies and the pandemic.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
This chapter outlines our audit observations related to the financial reporting of agencies in the Transport cluster for 2020, including any financial implications from the recent emergency events.
Section highlights
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our:
- observations and insights from our financial statement audits of agencies in the Transport cluster
- assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.
Section highlights
|
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019, 2018 and 2017 recommendations
Appendix three – Management letter findings
Appendix four – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Planning, Industry and Environment 2020
This report analyses the results of our audits of financial statements of the Planning, Industry and Environment cluster agencies for the year ended 30 June 2020. The table below summarises our key observations.
1. Financial reporting
|
Audit opinions |
There are 45 separate entities in the cluster. Unqualified audit opinions were issued for 38 cluster agencies' 30 June 2020 financial statements audits. Four financial statements audits are still ongoing, and three agencies were not subject to audit due to NSW Treasury reporting exemptions. |
|
Timeliness of financial reporting |
The majority of cluster agencies subject to statutory reporting deadlines met the revised timeline for submitting financial statements. Twenty‑four of the 26 cluster agencies required to submit early close financial statements met the revised timeframe. Due to issues identified during the audit, 13 financial statements audits were not completed and audit opinions not issued by the statutory deadline. |
|
Implementation of AASB 16 'Leases' |
Significant deficiencies were identified in Property NSW's lease data maintenance and lease calculations. Recommendation (partially repeat): Property NSW should:
Our audits of the cluster agencies identified there was a lack of thorough quality assurance over the accuracy of lease information provided by Property NSW. Recommendation: The Department and cluster agencies should:
|
|
Unprocessed Aboriginal land claims continued to increase |
In 2019–20, the Department resolved an additional 468 Aboriginal land claims compared to the prior year. However, the total number of unprocessed Aboriginal land claims increased by 914 to 36,769 at 30 June 2020. The number of claims remaining unprocessed for more than ten years after lodgement increased by 10.9 per cent from last year. Until claims are resolved, there is an uncertainty over who is entitled to the land and the uses and activities that can be carried out on the land. Auditor-General's Reports to Parliament since 2007 have recommended action to address the increasing number of unprocessed claims. To date, the Department has not been able to resolve this issue. During 2020–21, a performance audit will assess the effectiveness and efficiency of the administration of Aboriginal land claims. |
|
Financial reporting of Crown land managers |
The Department will need to provide additional support and guidance to help Crown land managers (CLMs) meet their financial reporting obligations. Recommendation: The Department should:
During 2019–20, NSW Treasury established the reporting exemption criteria for the CLMs. Based on available information, the Department determined 31 CLMs would not meet the exemption criteria and therefore are required to prepare annual financial statements. |
2. Audit observations
|
Internal controls |
Six high‑risk issues were identified across the cluster in 2019–20:
One in three internal control issues identified and reported to management in 2019–20 were repeat issues. Recommendation: Management letter recommendations to address internal control weaknesses should be actioned promptly, with a focus on addressing high‑risk and repeat issues. |
|
Agencies response to recent emergencies |
The unprecedented bushfires and COVID‑19 pandemic presented challenges for the cluster. Agencies established taskforces or response teams to respond to these emergencies. With more staff working from home, agencies implemented protocols and procedures to manage risks associated with the remote working arrangements, and also needed to address certain technology issues. The Department is responsible for the new Planning System Acceleration Program, which aims to fast‑track planning assessments, boost the State's economy and keep people in jobs during COVID‑19 pandemic. Between April and October 2020, the Department announced and determined 101 major projects and planning proposals. |
|
Recognition of Crown land |
Crown land is an important asset of the State. Management and recognition of Crown land assets is weakened when there is confusion over who is responsible for a particular Crown land parcel. Auditor-General's Reports to Parliament since 2017 have recommended that the Department should ensure the database of Crown land is complete and accurate. Whilst the Department has commenced actions to improve the database, this remained an issue in 2019–20. Recommendation (repeat issue): The Department should prioritise action to ensure the Crown land database is complete and accurate. This allows state agencies and local councils to be better informed about the Crown land they control. |
|
Implementation of Machinery of Government (MoG) changes |
Since its creation on 1 July 2019, the Department has largely established its governance arrangements, including setting up the Audit and Risk Committee and internal audit function for the Department and relevant cluster agencies. The Department still operated three main financial reporting systems in 2019–20, and has commenced the process to consolidate some of the systems. The recent Regional NSW MoG change led to the transfer of $446 million net assets and $284 million 2019–20 budget from the Department to the newly created Department of Regional NSW on 2 April 2020. |
This report provides parliament and other users of the Planning, Industry and Environment cluster agencies’ financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- the impact of emergencies and the pandemic.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
The COVID‑19 Legislation Amendment (Emergency Measures–Treasurer) Act 2020 amended legislation administered by the Treasurer to implement further emergency measures as a result of the COVID‑19 pandemic. These amendments:
- allowed the Treasurer to authorise payments from the Consolidated fund until the enactment of the 2020–21 budget – impacting the going concern assessments of cluster agencies
- revised budgetary, financial and annual reporting time frames – impacting the timeliness of financial reporting
- exempted certain statutory bodies and departments from preparing financial statements.
This chapter outlines our audit observations related to the financial reporting of agencies in the Planning, Industry and Environment cluster for 2020, including any financial implications from the recent emergency events.
Section highlights
The Department has not yet developed a statutory reporting framework for Crown land managers and will need to provide additional resources to help Crown land managers meet their financial reporting obligations. |
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our:
- observations and insights from our financial statements audits of agencies in the Planning, Industry and Environment cluster
- assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies
- review of how the cluster agencies managed the increased risks associated with new programs aimed at stemming the spread of COVID-19 and stimulating the economy.
Cluster agencies experienced a range of control and governance related issues in recent years. An increased number of high risk issues and greater proportion of repeat issues were identified as part of our audits. It is important for cluster agencies to promptly address these issues.
Section highlights
|
Education 2020
The Auditor-General for New South Wales, Margaret Crawford, released a report today titled Education 2020. This report focuses on key observations and findings from the most recent audits of agencies in the Education cluster.
Unqualified audit opinions were issued for all cluster agencies’ financial statements. However, internal control deficiencies were identified across the cluster agencies, including deficiencies in the management of purchasing cards and 15 internal control issues that were repeated from the previous year.
The 2019–20 natural disasters caused widespread damage in both Northern and Southern NSW. The COVID‑19 pandemic further challenged agencies, requiring social distancing and other infection control measures which disrupted the traditional means of teaching students. Agencies have adjusted their operations to respond to these emergency events.
The TAFE Commission’s revenues 2019–20 were impacted by the pandemic. Lower enrolments and an increase in fee-free short courses offered during the year contributed to the result.
This report analyses the results of our audits of financial statements of entities within the Education cluster for the year ended 30 June 2020. The table below summarises our key observations and recommendations.
1. Financial reporting
| Audit opinions | Unqualified audit opinions were issued for all cluster agencies' 30 June 2020 financial statements audits. |
| New accounting standards |
Agencies implemented three new accounting standards during the year. Our financial statement audits of the Department of Education (the Department) and NSW Education Standards Authority (NESA) identified issues with the leasing information provided by Property NSW (PNSW). Despite the outsourcing arrangement, both the Department and NESA remain ultimately responsible for the completeness and accuracy of this information, which would have benefited from a more thorough quality assurance, validation and review process before they placed reliance upon it. Recommendation: We recommend the Department and NESA:
|
| Changes were made to the financial reporting requirements this year to account for the impact of the pandemic |
Emergency legislation was enacted during the year in response to the COVID-19 pandemic. The legislation revised the statutory reporting deadlines for agencies to submit their financial statements and allowed the Treasurer to continue authorising payments from the consolidated fund until the enactment of the 2020–21 budget. All cluster agencies prepared their financial statements on a going concern basis and submitted their financial statements within the revised statutory deadlines. The State provided $159.0 million in stimulus funding to support the operations of cluster agencies during emergency events. Nearly half of this funding was to support cleaning activities by the Department and the Technical and Further Education Commission (the TAFE Commission) during the COVID-19 pandemic. |
| Quality and timeliness of financial reporting |
The number of monetary misstatements identified in agencies' financial statements decreased to 14 (23 in 2018–19). While the number of corrections made to the financial statements after the submission date increased to eight (two in 2018–19), it is important to note these corrections provide parliament and other users of the financial statements increased confidence in the accuracy and presentation of agencies' performance and financial position. |
| Sustainability of cluster agencies | The TAFE Commission's enrolments declined, and operating margins reduced, both being impacted by the COVID-19 pandemic. |
2. Audit observations
| Internal control deficiencies |
We identified 33 internal control issues, including 15 findings that were repeated from previous years. A high-risk issue was reported at the Department relating to the inadequate monitoring and follow up of privileged user activity in its enterprise resource planning system – SAP. Repeat findings relate to ongoing deficiencies in information technology controls and management policies, practices and procedures. Recommendation: Cluster agencies should:
|
| Agency responses to emergency events |
The Department established a separate bushfire relief directorate and COVID-19 Taskforce to assist and support school communities in response to recent emergencies. Other cluster agencies have established committees or response teams to oversee and address all aspects of the impact of COVID-19. |
| Schools review 2019 | We continue to identify instances of non-compliance in relation to cash management and procurement at schools. |
| Use of purchasing cards at the Department of Education |
Since 2015, the NSW Government has encouraged the use of purchasing cards by public sector agencies. Purchasing cards are efficient to transact low value, high volume procurement of goods and services, but the use must be effectively monitored. Our review of the Department's purchasing cards identified weaknesses in its oversight and monitoring controls, including the issue and cancellation of purchasing cards Opportunities exist for the Department to better monitor card use. Tools such as data analytics are an efficient and effective detective control to identify irregular activity or misuse by cardholders. Recommendation: The Department should:
|
This report provides parliament and other users of the Education cluster’s financial statements with the results of our audits, our observations, analysis, conclusions and recommendations in the following areas:
- financial reporting
- audit observations
- the impact of emergencies and the COVID-19 pandemic.
Financial reporting is an important element of good governance. Confidence and transparency in public sector decision making are enhanced when financial reporting is accurate and timely.
The COVID-19 Legislation Amendment (Emergency Measures–Treasurer) Act 2020 amended legislation administered by the Treasurer to implement further emergency measures as a result of the COVID-19 pandemic. These amendments:
- allowed the Treasurer to authorise payments from the consolidated fund until the enactment of the 2020–21 budget – supporting the going concern assessments of cluster agencies
- revised budgetary, financial and annual reporting time frames – impacting the timeliness of financial reporting
- exempted certain statutory bodies and departments from preparing financial statements.
This chapter outlines our audit observations related to the financial reporting of agencies in the Education cluster for 2020, including any financial implications from the recent emergency events.
Section highlightsUnqualified audit opinions were issued on the financial statements of cluster agencies.
All cluster agencies met the revised statutory deadlines for completing early close procedures and submitting their financial statements. Emergency legislation allowing the Treasurer to continue authorising payments from the consolidated fund under the existing Appropriations Act enabled cluster agencies to prepare financial statements on a going concern basis.
|
Appropriate financial controls help ensure the efficient and effective use of resources and administration of agency policies. They are essential for quality and timely decision making.
This chapter outlines our:
- observations and insights from our financial statement audits of agencies in the Education cluster. It also comments on our review of elements of the financial control framework applied by schools in NSW whose financial results form part of the Department of Education's (the Department) financial statements.
- assessment of how well cluster agencies adapted their systems, policies and procedures, and governance arrangements in response to recent emergencies.
Section highlights
|
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019 and 2018 recommendations
Appendix three – Financial data
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Internal controls and governance 2020
The Auditor-General for New South Wales, Margaret Crawford today released her report on the findings and recommendations from the 2019–20 financial audits that relate to internal controls and governance at 40 of the largest agencies in the NSW public sector.
The bushfire and flood emergencies and the COVID‑19 pandemic continue to have a significant impact on the people and public sector of New South Wales. The scale of the government response to these events has been significant. The report focuses on the effectiveness of internal controls and governance processes, including relevant agencies’ response to the emergencies. In particular, the report focuses on:
- financial and information technology controls
- business continuity and disaster recovery planning arrangements
- procurement, including emergency procurement
- delegations that support timely and effective decision-making.
Due to the ongoing impact of COVID‑19 agencies have not yet returned to a business‑as‑usual environment. ‘Agencies will need to assess their response to the recent emergencies and update their business continuity, disaster recovery and other business resilience frameworks to reflect the lessons learnt from these events’ the Auditor-General said.
The report noted that special procurement provisions were put in place to allow agencies to better respond to the COVID-19 pandemic. The Auditor-General recommended agencies update their procurement policies to reflect the current requirements of the NSW Procurement Framework and the emergency procurement requirements.
This report analyses the internal controls and governance of 40 of the largest agencies in the NSW public sector for the year ended 30 June 2020. These 40 agencies constitute an estimated 85 per cent of total expenditure for all NSW public sector agencies.
1. Internal control trends
| New, repeat and high risk findings |
Internal control deficiencies increased by 13 per cent compared to last year. This is predominately due to a seven per cent increase in new internal control deficiencies and 24 per cent increase in repeat internal control deficiencies. There were ten high risk findings compared to four last year. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies. Agencies should:
|
| Common findings |
A number of findings remain common across multiple agencies over the last four years, including:
|
2. Information technology controls
| IT general controls |
We found deficiencies in information security controls over key financial systems including:
The deficiencies above increase the risk of non-compliance with the NSW Cyber Security Policy, which requires agencies to have processes in place to manage user access, including privileged user access to sensitive information or systems and remove that access once it is not required or employment is terminated. |
3. Business continuity and disaster recovery planning
| Assessing risks to business continuity and Scenario testing |
The response to the recent emergencies and the COVID-19 pandemic has encompassed a wide range of activities, including policy setting, on-going service delivery, safety and availability of staff, availability of IT and other systems and financial management. Agencies were required to activate their business continuity plans in response, and with the continued impact of COVID-19 have not yet returned to a business-as-usual environment. Our audits focused on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. We identified deficiencies in agency business continuity and disaster recovery planning arrangements. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities. Agencies can also improve the content of their BIA. For example, ten per cent of agencies' BIAs did not include recovery time objectives and six per cent of agencies did not identify key IT systems that support critical business functions. Scenario testing improves the effectiveness with which a live crisis is handled, but 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. There were also opportunities to improve the effectiveness of scenario testing exercises by:
Agencies have responded to the recent emergencies but addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required. During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'. |
| Responding to disruptions |
We found agencies' governance functions could have been better informed about responses to disruptive incidents that had activated a business continuity or disaster recovery response between 1 January 2019 to 31 December 2019. For instance: in 89 per cent of instances where a business continuity response was activated, a post-incident review had been performed. In 82 per cent of these instances, the outcomes were reported to a relevant governance or executive management committee in 95 per cent of instances where a disaster recovery response was activated, a post incident review had been performed. In 86 per cent of these instances, the outcomes were reported to a relevant governance committee or executive management committee. Examples of recorded incidents included extensive air quality issues and power outages due to bushfires, system and network outages, and infected and hijacked servers. Agencies should assess their response to the recent emergencies and the COVID-19 pandemic and update business continuity, disaster recovery and other business resilience frameworks to incorporate lessons learned. Agencies should report to those charged with governance on the results and planned actions. |
| Management review and oversight | Eighty-two per cent and 86 per cent of agencies report to their audit and risk committees (ARC) on their business continuity and disaster recovery planning arrangements, respectively. Only 18 per cent and five per cent of ARCs are briefed on the results of respective scenario testing. Briefing ARCs on the results of scenario testing exercises helps inform their decisions about whether sound and effective business continuity and disaster recovery arrangements have been established. |
4. Procurement, including emergency procurement
| Policy framework |
Agency procurement policies did not capture the requirements of several key NSW Procurement Board Directions (the Directions), increasing the risk of non-compliance with the Directions. We noted:
Recommendation: Agencies should review their procurement policies and guidelines to ensure they capture the key requirements of the NSW Government Procurement Policy Framework, including NSW Procurement Board Directions. |
| Managing contracts |
Eighty-eight per cent of agencies maintain a central contract register to record all details of contracts above $150,000, which is a requirement of GIPA legislation. Of the agencies that maintained registers, 13 per cent did not capture all contracts and eight per cent did not include all relevant contract details. Sixteen per cent of agencies did not periodically review their contract register. Timely review increases compliance with GIPA legislation, and enhances the effectiveness with which procurement business units monitor contract end dates, contract extensions and commence new procurement. |
| Training and support |
Ninety-three per cent of agencies provide training to staff involved in procurement processes, and a further 77 per cent of agencies provide this training on an on-going basis. Of the seven per cent of agencies that had not provided training to staff, we noted gaps in aspects of their procurement activity, including:
Training on procurement activities ensures there is effective management of procurement processes to support operational requirements, and compliance with procurement directions. |
| Procurement activities | While agencies had implemented controls for tender activities above $650,000, 43 per cent of unaccredited agencies did not comply with the NSW Procurement Policy Framework because they had not had their procurement endorsed by an accredited agency within the cluster or by NSW Procurement. This endorsement aims to ensure the procurement is properly planned to deliver a value for money outcome before it commences. |
| Emergency procurement |
As at 30 June 2020, agencies within the scope of this report reported conducting 32,239 emergency procurements with a total contract value of $316,908,485. Emergency procurement activities included the purchase of COVID-19 cleaning and hygiene supplies. The government, through NSW Procurement released the 'COVID-19 Emergency procurement procedure', which relaxed procurement requirements to allow agencies to make COVID-19 emergency procurements. Our review against the emergency procurement measures found most agencies complied with requirements. For example:
Complying with the procedure helps to ensure government resources are being efficiently, effectively, economically and in accordance with the law. Recommendation: Agency procurement frameworks should be reviewed and updated so they can respond effectively to emergency situations that may arise in the future. This includes:
|
5. Delegations
| Instruments of delegation |
We found that agencies have established financial and human resources delegations, but some had not revisited their delegation manuals following the legislative and machinery of government changes. For those agencies impacted by machinery of government changes we noted:
Delegations manuals are not always complete; 16 per cent of agencies had no delegation for writing off bad debts and 26 per cent of agencies had no delegation for writing off capital assets. Recommendation: Agencies should ensure their financial and human resources delegation manuals contain regular set review dates and are updated to reflect the Government Sector Finance Act 2018, machinery of government changes and their current organisational structure and roles and responsibilities. |
| Compliance with delegations |
Agencies did not understand or correctly apply the requirements of the Government Sector Finance Act 2018 (GSF Act), resulting in non-compliance with the Act. We found that 18 per cent of agencies spent deemed appropriations without obtaining an authorised delegation from the relevant Minister(s), as required by sections 4.6(1) and 5.5(3) of the GSF Act. Further detail on this issue will be included in our Auditor-General's Reports to Parliament on Central Agencies, Education, Health and Stronger Communities, which will be tabled throughout December 2020. Recommendation: Agencies should review financial and human resources delegations to ensure they capture all key functions of laws and regulations, and clearly specify the relevant power or function being conferred on the officer. |
6. Status of 2019 recommendations
| Progress implementing last year's recommendations |
Recommendations were made last year to improve transparency over reporting on gifts and benefits and improve the visibility management and those charged with governance had over actions taken to address conflicts of interest that may arise. This year, we continue to note:
While we acknowledge the significance of the recent emergencies, which have consumed agency time and resources, we note limited progress has been made implementing these recommendations. Further detail on the status of implementing all recommendations is in Appendix 2. Recommendation: Agencies should re-visit the recommendations made in last year's report on internal controls and governance and action these recommendations. |
Internal controls are processes, policies and procedures that help agencies to:
- operate effectively and efficiently
- produce reliable financial reports
- comply with laws and regulations
- support ethical government.
This chapter outlines the overall trends for agency controls and governance issues, including the number of audit findings, the degree of risk those deficiencies pose to the agency, and a summary of the most common deficiencies we found across agencies. The rest of this report presents this year’s controls and governance findings in more detail.
|
Section highlights We identified ten high risk findings, compared to four last year with two findings repeated from the previous year. There was an overall increase of 13 per cent in the number of internal control deficiencies compared to last year due to a seven per cent increase in new internal control deficiencies, and a 24 per cent increase in repeat internal control deficiencies. The recent emergencies have consumed agency time and resources and may have contributed to the increase in internal control deficiencies, particularly repeat deficiencies. We identified a number of findings that remain common across multiple agencies over the last four years. Some of these findings related to areas that are fundamental to good internal control environments and effective organisational governance. Examples include:
Policies, procedures and internal controls should be properly designed, be appropriate for the current organisational structure and its business activities, and work effectively. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency controls to manage key financial systems.
|
Section highlights Government agencies’ financial reporting is heavily reliant on information technology (IT). We continue to see a high number of deficiencies related to IT general controls, particularly those related to user access administration. These controls are key in adequately protecting IT systems from inappropriate access and misuse. IT is also important to the delivery of agency services. These systems often provide the data to help monitor the efficiency and effectiveness of agency processes and services they deliver. Our financial audits do not review all agency IT systems. For example, IT systems used to support agency service delivery are generally outside the scope of our financial audit. However, agencies should also consider the relevance of our findings to these systems. Agencies need to continue to focus on assessing the risks of inappropriate access and misuse and the implementation of controls to adequately protect their systems, focussing on the processes in place to grant, remove and monitor user access, particularly privileged user access. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency business continuity and disaster recovery planning arrangements.
|
Section highlights We identified deficiencies in agency business continuity and disaster recovery planning arrangements and opportunities for agencies to enhance their business continuity management and disaster recovery planning arrangements. This will better prepare them to respond to a disruption to their critical functions, resulting from an emergency or other serious event. Twenty-three per cent of agencies had not conducted a business impact analysis (BIA) to identify critical business functions and determine business continuity priorities and 40 per cent of agencies had not conducted a business continuity scenario testing exercise in the period from 1 January 2019 to 31 December 2019. Scenario testing improves the effectiveness with which a live crisis is handled. This section focusses on the preparedness of agency business continuity and disaster recovery planning arrangements prior to the onset of the COVID-19 pandemic. While agencies have responded to the recent emergencies, proactively addressing deficiencies will ensure agencies have adequate safeguards in their processes to again respond in the future, if required. During 2020–21 we plan to conduct a performance audit on 'Business continuity and disaster recovery planning'. This audit will consider the effectiveness of agency business continuity planning arrangements to maintain business continuity through the recent emergencies and/or COVID-19 pandemic and return to a business-as-usual environment. We also plan to conduct a performance audit on whole-of-government 'Coordination of emergency responses'. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of procurement agency procurement policies and procurement activity.
|
Section highlights We found agencies have procurement policies in place to manage procurement activity, but the content of these policies was not sufficiently detailed to ensure compliance with NSW Procurement Board Directions (the Directions). The Directions aim to ensure procurement activity achieves value for money and meets the principles of probity and fairness. Agencies have generally implemented controls over their procurement process. In relation to emergency procurement activity, agencies reported conducting 32,239 emergency procurements with a total contract value of $316,908,485 up to 30 June 2020. Our review of emergency procurement activity conducted during 2019–20 identified areas where some agencies did not fully comply with the 'COVID-19 Emergency procurement procedure'. We also found not all agencies are maintaining complete and accurate contract registers. This not only increases the risk of non-compliance with GIPA legislation, but also limits the effectiveness of procurement business units to monitor contract end dates, contract extensions and commence new procurement in a timely manner. We noted instances where agencies renewed or extended contracts without going through a competitive tender process during the year. |
This chapter outlines our audit observations, conclusions and recommendations, arising from our review of agency compliance with financial and human resources delegations.
Appendix one – List of 2020 recommendations
Appendix two – Status of 2019 recommendations
Appendix three – Cluster agencies
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Governance and internal controls over local infrastructure contributions
The Auditor-General for New South Wales, Margaret Crawford, released a report today on how well four councils managed their local infrastructure contributions during the 2017-18 and 2018-19 financial years.
Local infrastructure contributions, also known as developer contributions, are collected from developers to pay for local infrastructure such as drainage, local roads, open space and community facilities. Controls over local infrastructure contributions help to ensure that all contributions owed are collected, funds are spent as intended, and any contributions paid in the form of works-in-kind or dedicated land are correctly valued.
The audit found that Blacktown City Council and City of Sydney Council provided effective governance over their local infrastructure contributions whereas Central Coast and Liverpool City Councils’ governance arrangements require improvement.
The audit found that three councils had spent local infrastructure contributions in accordance with approved contributions plans. Central Coast Council and the former Gosford City Council had spent $13.2 million on administration costs in breach of the Environmental Planning and Assessment Act 1979. These funds were repaid into the council’s local infrastructure fund during the course of the audit.
The Auditor-General made a number of recommendations for each council relating to improving controls over contributions and increasing transparency.
This audit examined the effectiveness of governance and internal controls over local infrastructure contributions, also known as developer contributions, held by four councils during the 2017–18 and 2018–19 financial years.
This performance audit was conducted with reference to the legislative and regulatory planning framework that was in place during that period.
Our work for this performance audit was completed at the end of March 2020 when we issued the final report to the four audited councils and the Department of Planning, Industry and Environment. We received their respective formal responses to the report’s recommendations during April and May 2020.
Concurrently to this audit, we sought Crown Solicitor’s advice (the ‘Advice’) regarding the use of local infrastructure contributions collected by local councils under the Environmental Planning and Assessment Act 1979 (‘the EPA Act’) for our financial audit work. The Advice clarified the applicable legislative requirements with reference to the application, investment and pooling of local infrastructure contributions. The Advice is included in Appendix 2 of this report. The Advice has not impacted on the findings and recommendations of this report.
Councils collect Local Infrastructure Contributions (LICs) from developers under the Environmental Planning and Assessment Act (1979), the Local Government Act (1993) and the City of Sydney Act (2000) (EP&A Act, LG Act and City of Sydney Act) to fund infrastructure required to service and support new development. At 30 June 2018, councils across NSW collectively held more than $3.0 billion in LICs collected from developers. Just over $1.37 billion in total was held by ten councils. Councils collecting LICs must prepare a contributions plan, which outlines how LICs will be calculated and apportioned across different types of infrastructure. Councils that deliver water and sewer services prepare a development servicing plan (DSP) which allows them to collect contributions for water and sewer infrastructure.
Development timeframes are such that there is often several years between when LICs are collected and the infrastructure is required. Good governance and internal controls are needed over these funds to ensure they are available when needed and spent appropriately.
This audit assessed the effectiveness of governance and internal controls over LICs collected by four councils during the 2017–18 and 2018–19 financial years: Blacktown City Council, Central Coast Council, City of Sydney Council and Liverpool City Council. As at June 2018 these councils held the four highest LIC balances, each in excess of $140 million.
Audit Conclusion
Three of the four councils audited were currently compliant with legislation, regulations and Ministerial Directions regarding LICs. All had gaps in governance and controls over LICs which limited effective oversight.
Three of the councils included in the audit complied with legislation, regulations and Ministerial Directions relating to LICs. Central Coast Council breached the EP&A Act between 2001 and 2019 when it used LICs for administration costs. These funds were repaid in late 2019.
While controls over the receipt and expenditure of contributions funds were largely in place at all councils, there were some exceptions relating to valuing work and land delivered in lieu of cash. Three councils do not provide probity guidance in policies relating to LICs delivered through works-in-kind. Three of the councils had contributions plans that were more than five years old.
Staff at all four councils are knowledgeable about LICs but not all councils keep procedures up to date. Three councils' governance frameworks operate effectively with senior officers from across the council involved in decisions about spending LICs, entering into voluntary planning agreements (VPAs) and reviewing contributions plans.
Transparency over key information relating to LICs is important for senior management so they can make informed decisions, and for the community who pay LICs and expect infrastructure to be provided. During the period of the audit, none of the councils included in the audit provided sufficient information to senior management or their councillors about the projected financial status of contributions plans. This information would be valuable when making broader strategic and financial decisions. Information about LIC levies and intended infrastructure is available to the community but not always easy to find.
A strong governance framework is important at each council to ensure that the funds are managed well, available when needed and spent as intended. The audit examined the following features of each council's governance framework as they apply to LICs:
- decision-making by councillors and council officers relating to LICs
- monitoring delivery of contributions plans and DSPs including:
- reviewing assumptions underlying the plans
- monitoring projected status of plans.
Internal controls over LICs are important to promote accountability, prevent fraud and deliver infrastructure to the required standard at the best possible price. If financial controls are weak or are not implemented well, there is a risk that LICs are misspent or that councils pay too much for infrastructure.
Not all councils' internal controls adequately addressed risks associated with the administration of LICs
The audit examined a number of internal controls that manage risks related to LICs. These included:
- financial controls over receipt and expenditure of LIC funds
- management of conflicts-of-interest when dealing with developers
- independent valuations of works-in-kind and dedicated land
- ensuring delivery and quality of works-in-kind, and obtaining security from developers in the event of non-delivery or poor quality work
- management of variations to VPAs and works-in-kind agreements.
We reviewed controls included in policies and procedures and then checked samples of work to ensure that controls were implemented. We found variation in the controls that councils implemented, and some weaknesses in controls. It is a matter for each council to assess their financial risk and develop internal controls that support the collection, management, and expenditure of LICs. However, councils must be able to assure their communities and developers that they are doing everything possible to collect all LICs owing and that work conducted by developers in lieu of cash payments is properly valued and carried out to the required standard.
Further information about audit findings in relation to internal controls for each council are included in chapters five to eight. The exhibit below demonstrates variation in several controls implemented in the audited councils.
In a 2018 report, the Independent Commission Against Corruption noted that 'the appetite for transparency is expanding in both the public and private sectors'.
The Practice Note and S64 Guidance refer to transparency, including the importance of transparency over:
- calculation and apportionment of LICs
- funding of infrastructure, including where and when infrastructure is delivered
- arrangements made with developers through VPAs.
The LIC system is largely transparent for community members who know where to look
Contributions plans and DSPs are public documents, exhibited to the public before being adopted by council. Councils included in the audit publish their contributions plans and DSPs on their websites and meet statutory requirements with regard to reporting and accessibility of information.
However, other public information relating to the LIC system is fragmented across different websites and reports and varies in detail across councils.
| Blacktown City Council | Central Coast Council | City of Sydney Council | Liverpool City Council | |
|---|---|---|---|---|
| Financial details about contributions collected and spent | Financial statements | Financial statements | Financial statements | Financial statements |
| Implementation plans for spending LICs | Contribution plans | S64 implementation plans in DSPs. S7.11 & S7.12 implementation plans developed annually within capital works plan | Contribution plans | Developed annually within capital works plan |
| Capital works underway or completed, funded by LICs | Capital works plan and annual report | Not published | Not published | Capital works plan |
The Practice Note states that councils are accountable for providing the infrastructure for which contributions are collected. Demonstrating that infrastructure has been provided is difficult with fragmented information. As an example of transparent reporting, Blacktown City Council's 2018–19 annual report includes information about infrastructure that has been delivered for every contributions plan, providing transparency over how LICs have been spent.
Use of LICs collected under VPAs is not always transparent
Contributions collected under VPAs are not required to demonstrate the same relationship to a development as LICs collected under section 7.11 of the EP&A Act. VPAs are often negotiated because a developer requests a change to a planning instrument, and it is important that these arrangements, and their outcomes, are transparent to the community.
The EP&A Regulation includes mechanisms to ensure that VPAs are partially transparent. VPAs are exhibited to the public and approved by the elected council. Councils must maintain a VPA Register and make the VPA Deeds of Agreement available on request. However, there is no obligation on council to report on the outcomes or delivery of developers' obligations under VPAs. The four audited councils vary in transparency and accessibility of information available about VPAs.
| Blacktown City Council | Central Coast Council | City of Sydney Council | Liverpool City Council | |
|---|---|---|---|---|
| VPA Register | Council website and annual report | Annual report | Annual report | Council website and annual report |
| VPA Deeds of Agreement | Council website | Available on request | Available on request | Council website |
| Intended use of LICs collected under VPAs | In Deeds of Agreement | In Deeds of Agreement | In VPA Register and most Deeds of Agreement | In VPA Register and most Deeds of Agreement |
| Completion of work funded by cash collected under VPAs | Not published | Not published | Not published | Not published |
| Delivery of works-in-kind or land negotiated under VPAs | Not published | Not published | In VPA Register | Not published |
The Practice Note suggests that councils incorporate the intended use of LICs collected under VPAs in the Deed of Agreement, but there is no guidance relating to transparency over where and when funds have actually been spent. There is merit in councils providing greater transparency over public benefits delivered through VPAs to give communities confidence in VPAs as a planning tool.
Credit arrangements with developers are not always well documented or monitored
When levying LICs, section 7.11(6) of the EP&A Act requires councils to take into account land, money, or works-in-kind that the developer has contributed on other development sites over and above their LIC obligations. This section of the EP&A Act allows a developer to offset a LIC owed on one site against land or works contributed on another. This leads to some developers carrying 'credits' for work delivered to councils, to be paid back by reduced LICs on a future development. Blacktown City Council and Central Coast Council allow developers to carry credits. Liverpool City Council and City of Sydney Council do not permit credits and instead pay the developers for any additional work undertaken.
Councils should formally document credit arrangements and have a robust process to validate and keep track of credit balances and report on them. Central Coast Council does not keep good track of credit arrangements and neither Blacktown City Council or Central Coast Council aggregate or report on outstanding credit balances.
Blacktown City Council manages the largest LIC fund in NSW and negotiates more VPAs than any other council. Overall, Blacktown City Council demonstrates effective governance over the LIC funds but there is scope for improved oversight of the projected financial status of contributions plans and credit arrangements with developers. Blacktown City Council also needs to update its operating procedures relating to LICs and improve security over key information.
Blacktown City Council is managing areas with high growth. There is a risk that Blacktown City Council will be unable to collect sufficient LICs to fund the infrastructure required to support that growth. However, Blacktown City Council does not assess and report to senior management or its Audit, Risk and Improvement Committee about the projected financial status of contributions plans.
Blacktown City Council has policies in place to guide the management of LICs although management of credit arrangements with developers requires greater oversight. Policies relating to works-in-kind agreements provide no guidance about probity in negotiations with developers and valuations of works-in-kind are not independent as they are paid for by the developer. Blacktown City Council's S7.11 committee structure could act as a model for other councils. Blacktown City Council is spending LICs according to its contributions plans. Staff managing LICs demonstrate good knowledge of the regulatory environment. However, a number of administrative processes need attention such as outdated procedures, lack of security over key spreadsheets, and inappropriate retention of sensitive personal data.
Recommendations
By December 2020, Blacktown City Council should:
- regularly report to senior management on the projected financial status of contributions plans
- update council's works-in-kind policy to address probity risks during negotiations with developers
- mitigate risks associated with lack of independence in valuations of works-in-kind
- improve public reporting about expenditure of cash collected under VPAs
- improve management oversight of credit arrangements with developers
- update procedures for managing LICs
- implement security measures over critical or personal information and spreadsheets.
Central Coast Council's governance and internal controls over LICs were not fully effective. Between 2001 and 2019, more than $13.0 million in LICs was misspent on administration costs in breach of the EP&A Act. There is scope for improved oversight of the projected financial status of contributions plans and credit arrangements with developers. Policies and procedures from the two former councils are not aligned.
In May 2016, the newly amalgamated Central Coast Council inherited 53 contributions plans from the former Gosford City and Wyong Shire Councils. Managing this number of contributions plans fragments the available funds and increases complexity. Central Coast Council is currently working on consolidating these plans. Between June 2016 and June 2019, its LIC balance doubled from $90.0 million to $196 million. Central Coast Council does not assess and report to senior management or its Audit, Risk and Improvement Committee about the projected financial status of contributions plans. Central Coast Council has a LIC committee but it has no formal charter and senior officers do not regularly attend meetings. This limits the committee's effectiveness as a decision-making body. A draft policy relating to works-in-kind agreements provide no guidance about probity in negotiations with developers. Valuations of works-in-kind and land dedications are not independent as they are paid for by the developer.
Central Coast Council has adjusted its accounts in 2018–19 by $13.2 million to repay the LIC fund for administration expenses that were not provided for in 40 contributions plans.
Recommendations
By June 2020, Central Coast Council should:
1. obtain independent validation of the adjustment made to the restricted asset accounts and general fund to repay LICs spent on administration, and adjustments made to each infrastructure category within the contributions plans
2. publish current contributions plans from the former Gosford City Council on the Central Coast Council website.
By December 2020, Central Coast Council should:
3. regularly report to senior management on the projected financial status of contributions plans
4. increase transparency of information available to the public about LIC works planned and underway, including intended use of contributions collected under VPAs
5. consolidate existing plans, ensuring the new contributions plans includes a regular review cycle
6. develop a formal charter for the developer contributions committee and increase the seniority of membership
7. complete and adopt council's works-in-kind policy currently under development, ensuring it addresses probity risks during negotiations with developers
8. mitigate risks associated with lack of independence in valuations of works-in-kind and dedicated land
9. improve public reporting about expenditure of cash collected under VPAs
10. improve management oversight of credit arrangements with developers
11. implement security measures to ensure the integrity of key spreadsheets used to manage LICs
12. align policies and procedures relating to LICs across the amalgamated council including developing policies and procedures for the management of S64 LICs
13. update council's VPA policy to address increased or indexed bank guarantees to accommodate cost increases.
City of Sydney Council manages a complex development environment across the Sydney CBD and inner suburbs. Overall, governance and internal controls over LICs are effective although there is scope for improved oversight of the projected financial status of contributions plans.
City of Sydney Council maintains a large balance of LICs, although not excessive relative to the annual level of LIC expenditure. Unspent contributions are largely associated with open space infrastructure that cannot be delivered until suitable land is available. Thirty per cent of cash contributions are collected under VPAs and there is limited transparency over how these funds are spent. City of Sydney Council does not assess and report to management or its Audit, Risk and Compliance Committee about the projected financial status of contributions plans.
In 2017–18 and 2018–19, LICs were spent in accordance with the corresponding contributions plans. City of Sydney Council staff are knowledgeable about the regulatory environment and are supported by up-to-date policies and procedures.
Recommendations
By December 2020, City of Sydney Council should:
- regularly report to senior management on the projected financial status of contributions plans
- improve public reporting about expenditure of cash collected under VPAs
- periodically review the risk of unpaid LICs associated with complying development certificates and assess whether additional controls are required
- implement security measures to ensure the integrity of key spreadsheets used to manage LICs.
During the audit period 2017–18 and 2018–19, Liverpool City Council did not have effective governance and internal controls over LICs. Liverpool City Council is addressing deficiencies and risks identified through an internal audit published in December 2018 although further work is required. There is scope for improved oversight of the projected financial status of contributions plans.
In the two years to 30 June 2019, the balance of unspent LICs increased by more than 60 per cent against a relatively low pattern of expenditure. Prior to an internal audit completed in late 2018, there was no regular reporting on the status of LICs and a lack of transparency when prioritising the expenditure of LIC funds. During 2019, and following the internal audit, Liverpool City Council engaged additional skilled resources to improve focus and accountability for LICs. A LIC committee has been established to manage contributions plans and support business units to initiate relevant infrastructure projects, although it is too early to assess whether this committee is operating effectively. From February 2019, Liverpool City Council commenced monthly reporting to its Chief Executive Officer (CEO) about the point-in-time status of LIC funds, and to its Audit, Risk and Improvement Committee about risks associated with LICs and the implementation of internal audit recommendations. There is limited reporting to senior management about the projected financial status of some contributions plans. Our audit found no evidence of misuse of funds during the audited period. Methods for valuing work and land are not aligned with policies and procedures and are implemented inconsistently. In addition, valuations of works-in-kind and land dedications are not independent as they are paid for by the developer. The policy relating to works-in-kind provides no guidance about managing probity risks when negotiating with developers.
Recommendations
By December 2020, Liverpool City Council should:
- regularly report to senior management on the projected financial status of contributions plans
- update council's policies and procedures to provide consistent guidance about how works and land offered by developers should be valued
- update council's Works-in-Kind and Land Acquisition Policy to address probity risks during negotiations with developers
- improve public reporting about expenditure of cash collected under VPAs
- mitigate risks associated with lack of independence in valuations of works-in-kind and dedicated land
- implement security measures over critical or private information.
Appendix one – Responses from councils and the Department of Planning, Industry and Environment
Appendix two – Advice from the Crown Solicitor
Appendix three – About the audit
Appendix four – Performance auditing
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Parliamentary reference - Report number #339 - released 17 August 2020
Report on Local Government 2019
I am pleased to present my third report to the Parliament on the 2019 audits of local government councils in New South Wales.
This report notes that unqualified audit opinions were issued on the 2018–19 financial statements of 134 councils and 11 joint organisations. The opinion for one council was disclaimed and three audits are yet to complete.
The report also highlights improvements I have seen in financial reporting and governance arrangements across councils. Fewer errors were identified. More councils have audit, risk and improvement committees and internal audit functions. Risk management practices, including fraud control systems, have also improved.
These are very pleasing indicators of the gradual strengthening of governance and financial oversight of the sector. I want to acknowledge the investment councils have made in working with the Audit Office to improve consistency of practice and accountability generally.
Of course there is more work to do, particularly to prepare for new accounting standards and to strengthen controls over information technology and cyber security management. Asset management practices can also be improved. This report provides some guidance to council on these matters and we will continue to partner with the Office of Local Government in the Department of Planning, Industry and Environment to support good practice.
Auditor-General
5 March 2020
This report focuses on key observations and findings from the 2018–19 financial audits of councils and joint organisations.
Unqualified audit opinions were issued on the financial statements for 134 councils and 11 joint organisations. The audit opinion for Bayside’s 2017–18 and 2018–19 financial statements were disclaimed. Three audits are still in progress and will be included in next year’s report.
The report highlights a number of areas where there has been improvement. There was a reduction in errors identified in council financial statements and high risk issues reported in audit management letters. More councils have audit, risk and improvement committees and internal audit functions. Risk management practices and fraud control systems have also improved.
The report also found that councils could do more to be better prepared for the new accounting standards, asset management practices could be strengthened, and information technology controls and cyber security management could be improved.
The Auditor-General recommended that the Office of Local Government within the Department of Planning, Industry and Environment develop a cyber security policy by 30 June 2021 to ensure a consistent response to cyber security risks across councils.
Financial reporting is an important element of good governance. Confidence in and transparency of public sector decision making is enhanced when financial reporting is accurate and timely. Strong financial performance provides the platform for councils to deliver services and respond to community needs.
This chapter outlines our audit observations on the financial reporting and performance of councils and joint organisations.
Section highlights
- There was a reduction in the number and dollar value of errors identified in councils' financial statements.
- We continue to identify prior period errors, which are predominantly asset-related.
- Unqualified audit opinions were issued for 99 per cent of completed audits for councils and joint organisations.
- Three audits remain outstanding, with the outcomes to be reported in next year's Report to Parliament.
- Seventy-nine per cent of councils and joint organisations lodged their financial reports by 31 October 2019.
- Councils that performed some early reporting procedures achieved better outcomes in terms of the quality and timeliness of financial reporting.
- Councils are at various levels of preparedness to implement the new accounting standards for the 2019–20 financial year. Some have made the necessary modifications to systems and processes, but others are still assessing impacts.
- Most councils met the prescribed benchmarks for the liquidity and working capital performance measures over the past three years.
- More councils reported negative operating performance compared with the prior year, meaning their operating expenditure exceeded their operating revenue.
Strong governance systems and internal controls help councils to operate effectively and efficiently, produce reliable financial reports, comply with laws and regulations and support ethical government.
This chapter outlines the overall trends related to governance and internal control issues across councils and joint organisations for 2018–19.
Section highlights
- While the total number of issues reported in our management letters increased compared with the prior year, the total number of high risk issues have decreased. Of the high-risk issues, 41 per cent were deficiencies in information technology controls.
- More councils have established audit, risk and improvement committees and internal audit functions.
- Councils have improved risk management practices, with over 75 per cent of councils now having a risk management policy and register.
- While most councils have policies and processes to manage gifts and benefits, we identified some instances of non-compliance with the Model Code of Conduct.
- Most councils have policies and processes to manage the use of credit cards.
- Councils can strengthen policies and practices for managing fraud controls and legislative compliance.
- There are further opportunities for councils to improve internal controls over revenue, purchasing, payroll, cash, financial accounting and governance processes.
Councils rely on information technology (IT) to deliver services and manage information. While IT delivers considerable benefits, it also presents risks that council needs to address.
In prior years, we reported that councils need to improve IT governance and controls to manage key financial systems. This chapter outlines the progress made by councils in the management of key IT risks and controls, with an added focus on cyber security.
Section highlights
- We continue to report deficiencies in information technology controls, particularly around user access management. These controls are key to ensuring IT systems are protected from inappropriate access and misuse.
- Many councils do not have IT policies and procedures and others do not identify, monitor or report on IT risks.
- Cyber security management requires improvement, with some basic elements of governance not yet in place for many councils.
Councils are responsible for managing a significant range of assets to deliver services on behalf of the community.
This chapter outlines our asset management observations across councils and joint organisations.
Section highlights
- There was an increase in the total number of issues reported in our management letters for asset management processes.
- There were less high-risk issues reported compared to the previous year.
- We continue to identify discrepancies between the council's Crown land asset records and the Crown Land Information Database (CLID) managed by the former Department of Industry (DOI).
- Inconsistent practices remain across the Local Government sector in accounting for landfill sites.
Appendix one – Response from the Office of Local Government within the Department of Planning, Industry and Environment
Appendix two – Status of 2018 recommendations
Appendix three – Status of audits
Copyright notice
© Copyright reserved by the Audit Office of New South Wales. All rights reserved. No part of this publication may be reproduced without prior consent of the Audit Office of New South Wales. The Audit Office does not accept responsibility for loss or damage suffered by any person acting on or refraining from action as a result of any of this material.
Volume Nine 2011 focus on Education and Communities
The report includes comments on financial audits of government agencies in the Education and Communities sectors. The audits of the above entities’ financial statements for the year ended 30 June 2011 resulted in unmodified audit opinions within the Independent Auditor’s Reports. A key finding was that Treasury should consider issuing further guidance to arts and cultural bodies on collection valuation methodologies due to the significance of these assets to the State’s asset base.
Volume Eight 2011 Focus on Transport and Ports
The report includes comments on financial audits of government agencies in the Transport and Ports sectors. The audit of corporations’ financial statements for the year ended 30 June 2011 resulted in unmodified audit opinions within the Independent Auditor’s Reports. A key recommendation from the report is that Sydney Ports Corporation should continue working with other government authorities and industry stakeholders to improve the effectiveness of program initiatives for increasing container freight movements by rail. The Corporation should review the underlying causes hindering growth in the rail mode and develop and implement strategies to address the unfavourable trend.
Volume Six 2011 focus on Environment, Water and Regional Infrastructure
The Environment Protection Authority’s expenditure for the financial year 2010/11 was $92 million - $76 million of this was for environment protection and regulation. The Office of Environment and Heritage and the Environment Protection Authority commenced 145 prosecutions for environmental offences and 106 were completed in the financial year 2010/11, down from the 134 prosecutions completed in 2009/10. Financial penalties for 2010/11 totalled $969,000 down from $1,403,000 in 2009/10. The average fine decreased from $10,468 in 2009/10 to $9,141 in 2010/11.
